Displaying 2 results from an estimated 2 matches for "ssl_op_msie_sslv2_rsa_pad".
2005 Oct 11
0
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
...r version of the protocol (SSLv3) to end
up using the older version of the protocol (SSLv2).
II. Problem Description
In order to provide bug-for-bug compatibility with Microsoft Internet
Explorer 3.02, a verification step required by the Secure Sockets Layer
protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING
option in OpenSSL. This option is implied by the frequently-used
SSL_OP_ALL option.
III. Impact
If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server
application using OpenSSL, an attacker who is able to intercept and
tamper with packets transmitted between a client and the serv...
2005 Oct 11
10
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
...r version of the protocol (SSLv3) to end
up using the older version of the protocol (SSLv2).
II. Problem Description
In order to provide bug-for-bug compatibility with Microsoft Internet
Explorer 3.02, a verification step required by the Secure Sockets Layer
protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING
option in OpenSSL. This option is implied by the frequently-used
SSL_OP_ALL option.
III. Impact
If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server
application using OpenSSL, an attacker who is able to intercept and
tamper with packets transmitted between a client and the serv...